netfilter buglog - Apr 2023 - [Bug 1677] New: iptables 1.8.8 breaks parsing of long-form arguments using = syntax

https://bugzilla.netfilter.org/show_bug.cgi?id=1677

            Bug ID: 1677
           Summary: iptables 1.8.8 breaks parsing of long-form arguments
                    using = syntax
           Product: iptables
           Version: 1.8.x
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: iptables
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: paulfurtado91 at gmail.com

It seems that 1.8.8 breaks argument parsing with iptables-legacy.

On 1.8.7, the following syntax works:
iptables -w 10 -t nat -A POSTROUTING --out-interface=eth0 --jump=MASQUERADE
--random-fully

On 1.8.8 and 1.8.9, it produces:
interface name `--out-interface=eth0' must be shorter than IFNAMSIZ (15)
So it looks like IFNAMSIZ must be including the entire argument instead of just
eth0.

If you then remove the = from the --out-interface argument and write it as:
iptables -w 10 -t nat -A POSTROUTING --out-interface eth0 --jump=MASQUERADE
--random-fully

You get the error:
unknown option "--random-fully"
Which is a little odd. But it seems like it may be looking at that as a value
being passed to --jump.

If you remove --random-fully and leave --jump alone:
iptables -w 10 -t nat -A POSTROUTING --out-interface eth0 --jump=MASQUERADE
The error is now:
Couldn't load target `--jump=MASQUERADE':No such file or directory

Finally, the command works if specified as:
iptables -w 10 -t nat -A POSTROUTING --out-interface eth0 --jump MASQUERADE
--random-fully

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20230426/78e3321c/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1677

Phil Sutter <phil at nwl.cc> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |phil at nwl.cc
         Resolution|---                         |FIXED

--- Comment #1 from Phil Sutter <phil at nwl.cc> ---
Hi!

Thanks for the detailed report. The bug has been fixed in upstream commit
90a7a183a208b ("xshared: Fix parsing of option arguments in same
word").

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20230428/c068e186/attachment.html>